News Brief

The Chinese threat actor group known as "Silk Typhoon" has been linked to the December 2024 hack on an agency that’s part of the US Department of the Treasury.

Details of the Breach

In the breach, the threat actors were able to use a stolen Remote Support SaaS API key through third-party cybersecurity vendor BeyondTrust to steal data from workstations in the Office of Foreign Assets Control (OFAC).

Background on Silk Typhoon

Silk Typhoon, also known as Hafnium, is well known for hitting targets in education, healthcare, defense, and non-governmental organizations.

Cyber-Espionage Campaigns

Using tools such as the China Chopper Web shell, the group’s cyber-espionage campaigns focus mainly on data theft.

Additional Target

The group also targeted the Treasury Department’s Office of Financial Research; this latest breach is still being investigated and assessed.

Assessment by CISA

The Cybersecurity and Infrastructure Security Agency (CISA) has since confirmed that these exploits are limited to just the agency, and there is no indication that any other federal agencies have been impacted by the incident.